Multi-factor authentication and Two-factor authentication (2FA) Resources

I agree with experts, who suggest using Two-factor authentication on all of your accounts that offer it. Most banks and credit unions require 2FA. It's the code they send to you by SMS text, email, or a voice call. 

• I have included articled from five sourced describing what 2FA is how to use it and many web sites that offer it as an option to secure your account.
• After learning what 2FA is, you will find a great article by PCmag, "Who Has It and How to Set It Up." It's a great guide to implementing 2FA is sites most of us use.
• Perhaps as impotent as implementing 2FA is avoiding getting locked out of your accounts when using Two-Factor Authentication.
• I use Authy in place of Google Authenticator. Authy synchronizes to the cloud allowing use on multiple devices, including phones, tablets, computers, and browsers, making it both convenient to use and eliminates the issue moving to a new phone or computer.

> This site Two Factor Auth maintains a list of websites and whether or not they support 2FA.

Multi-factor authentication and Two-factor authentication – By From Wikipedia, the freeen.wikipedia.org

Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence.

Two-factor authentication – By Chris Woodford explainthatstuff.com

How careful are you when it comes to securing your computer? Do you take pains to choose complex passwords and not write them down where other people can find them? Even if you do, isn't it just possible someone else could hack into the systems you use and do all kinds of damage?

Two-factor authentication (2FA) – By Margaret Rouse searchsecurity.techtarget.com

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication.

How Does Two-Factor Authentication (2FA) Work? – By Brad merchantfraudjournal.com

Two-factor authentication is the best way to protect sensitive data from theft.

How does multi-factor authentication work (technically)?  – Christian Roberts, Security Engineer at Protectimus Solutions

The most popular second factor is OTP (one-time-password). Usually, it is 6 or 8 digits password, which could be delivered to users via SMS or email or generated by software or hardware token.

Two-Factor Authentication: Who Has It and How to Set It Up – By Eric Griffith pcmag.com

You can get that code via text message or a specialized smartphone app called an "authenticator." Once linked to your accounts, the app displays a constantly rotating set of codes you can use whenever needed—and it doesn't even require an internet connection. The arguable leader in this area is Google Authenticator (free on Android and iOS). Twilio Authy, Duo Mobile, SAASPASS, and LastPass Authenticator, among others, all do the same thing on mobile and some desktop platforms, and the majority of popular password managers all have 2FA by default.

The codes provided by authenticator apps sync across your accounts, so you can scan a QR code on the phone and get your six-digit access code on your browser if supported.

Two-Factor Authentication Is a Must for Mobile by RSA

RSA is an American computer and network security company with a focus on encryption and encryption standards.

SecurityWatch: How to Not Get Locked Out With Two-Factor Authentication – By Max Eddy pcmag.com

What happens if I lose my password? Or if my antivirus deletes my stuff? The advent of two-factor authentication has created a new twist on familiar anxiety: what happens if I can't use my second factor and get locked out of my account?

How to Avoid Getting Locked Out When Using Two-Factor Authentication – By Chris Hoffman howtogeek.com

What happens if you lose or reset your phone? If you don't plan your recovery method ahead of time, you could permanently lose access to your accounts.

2FA questions

• Who initiates the process to set up the authenticator app, by which I mean, who generates the code for a transaction?
• Is it always the merchant, or does the customer sometimes initiate it? i.e., Are there some merchants who let the customer initiate the app to generate a six-digit code?

The confusion comes because of Authy. As I understand Authy, that the program generates a six-digit code. 

  A: Authy app requires a cell phone number to set up. I also have Mac, Win10, and Chromebook apps. gmm 

• Banks don't require the use of the cellphone when a log-on attempt comes from my desktop computer.

  A: SMS to a cell phone is much faster and works when not at your home.

• To continue my question, how is it that Authy can generate a six-digit code that is useful if the merchant always and only creates a code that it will accept and recognize? I have not gotten Authy to work yet?

A: Authy and Google Authenticator use TOTP (Time-Based One-Time Password) algorithm that generates short-lived OTPs to provide additional security to users' accounts. Generated passwords are temporary and valid a certain amount of time (usually 30-60 seconds). TOTP algorithm based on HOTP with a time-based moving factor described in RFC 6238.

OTP (one time password) is sent to an Authentication server by a user, for authentication validation is synced based on time.

There are three factors involved in the OTP generation process:

1. Time(T1)
2. Serial no. of a token (secret key)
3. Algorithm(A1)

• Are there merchants who let the customer generate the 2fa six-digit code for a transaction? 

A: OTPs are generated based on the secret key. Usually, the server generates the secret key, and the token programs the secret key into the app, allowing the generation of OTPs by the app. The server checks OTP, and if it's correct, the server provides access to the system.

A: Two Factor Auth twofactorauth.org List of websites and whether or not they support 2FA.

Separate but related issue: Privacy.com has not let me identify a bank to work with their service. 

A: We're only able to send an SMS text message to confirm someone's phone number on their Privacy account.